code-423n4 / 2024-05-gondi-mitigation-findings


M-19 MitigationConfirmed #84

Open c4-bot-4 opened 3 months ago

c4-bot-4 commented 3 months ago

Lines of code

Vulnerability details

Issue

The functions settleWithBuyout() and placeBid() can both be called at the same moment, when block.timestamp = _auction.startTime + _timeForMainLenderToBuy.

This could cause loss of the bid amount if users bid and the auction is then settled with a buyout.

Mitigation

Do not allow buyout when block.timestamp = _auction.startTime + _timeForMainLenderToBuy anymore.

_checkAuction(_nftAddress, _tokenId, _auction);
uint256 timeLimit = _auction.startTime + _timeForMainLenderToBuy;
- if (timeLimit < block.timestamp) {
+ if (timeLimit <= block.timestamp) {
    revert OptionToBuyExpiredError(timeLimit);
}
uint256 largestTrancheIdx;
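
Review bot: The switch to `<=` on the `timeLimit` check closes the buyout side of the boundary, but the corresponding guard in placeBid() is not part of this hunk, so these lines alone do not show that exactly one of the two functions accepts block.timestamp == timeLimit. Confirm that the placeBid() comparison is the exact complement of this one, and add tests for both functions at timeLimit - 1, timeLimit and timeLimit + 1. A short comment above the check stating that the main lender's buyout option is exclusive of timeLimit would help keep the two comparisons from drifting apart in later changes.
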
c4-judge commented 3 months ago

alex-ppg marked the issue as satisfactory